7 Microsoft Security Bulletins for July 2006

Microsoft released seven security bulletins that cover every supported version of Windows and Office, including the Mac versions of Office. We finally have patches for a nasty zero-day exploit in Office, and there are updates to block a couple of new holes that I think will be very attractive to worm writers.

Web server admins will want to pay particular attention to MS06-033--Vulnerability in ASP.NET Could Allow Information Disclosure (917283) and MS06-034--Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537).

Both workstations and servers are vulnerable to MS06-035--Vulnerability in Server Service Could Allow Remote Code Execution (917159), especially if you have the Messenger or Alerter service started. This hole is one that I think attackers will jump on.

All Windows computers that have the DHCP Client service started need to install MS06-036--Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) to shut down a vulnerability that I think will be attractive as a worm infection vector.

Finally, MS06-037--Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285), MS06-038--Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284), and MS06-039--Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) affect every version of Office and some related applications, including Project, Visio, OneNote, and Visual Studio, that are vulnerable to the zero-day exploit I mentioned above.

All in all, I recommend installing all of these updates. For my detailed analysis of these security bulletins and a cool chart with fast facts about all seven bulletins at a glance, visit http://www.ultimatewindowssecurity.com
